skills-qa

HIGH W007: Insecure credential handling detected in skill instructions.

• Insecure credential handling detected (high risk: 1.00). The prompt explicitly instructs the agent to scan untrusted files and "produce: file path, line number(s), the exact quoted text" for findings, which would cause any API keys, tokens, or passwords present in those files to be output verbatim (an exfiltration risk).